Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The New ACC Protection of Sensitive Client Data Guidelines for Outside Counsel

June 21, 2017

Well, it’s not precisely new. As pal Dave Ries reminded me, I had missed covering the March 29^th announcement by the Association of Corporate Counsel (ACC), a global legal association representing more than 42,000 in-house counsel in 85 countries. The announcement concerned the release of safety guidelines for outside counsel who have access to sensitive company data as part of their engagements with corporate law departments. The guidelines, “Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information,” will serve as a benchmark for law firm cybersecurity practices.

The guidelines address information retention/return/destruction, data handling and encryption, data breach reporting, physical security, employee background screening, and cyber liability insurance. The model requirements are based on ACC members’ experience, past data security audits, and learned best practices in ensuring that sensitive client data remains confidential.

The guidelines were issued after the ACC Chief Legal Officers (CLO) 2017 Survey finding that information privacy and data breaches/protection of corporate data were ranked as “very” or “extremely” important by two-thirds of CLOs and general counsel (GCs). Since 2014, the percentage of GCs and CLOs expressing data breaches as “extremely” important rose from 19 percent to 26 percent in 2017.

Many corporate law departments conduct data security audits when they retain a new law firm, a responsibility increasingly held by corporate legal operations professionals that manage outside counsel relationships. According to the ACC Foundation: The State of Cybersecurity Report, more than a quarter of in-house counsel are “not confident” or “not sure” regarding their law firms’ data security. The ACC guidelines will give companies a benchmark when creating their own requirements for outside counsel, or when initiating a security audit.

Want the legal work? Looks like following these legal standards may be required by many current or potential clients.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

The New ACC Protection of Sensitive Client Data Guidelines for Outside Counsel

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer